Should we allow new users to post unlimited links to GitHub?

Continuing the discussion from Inconsistency with /proc mount in container:

See thread. The multiple-link protection is really essential for blocking real spam, and it isn’t very hard for new users to participate enough to get to the next trust level with higher limits — but it always unfriendly-feeling when legitimate users get auto-blocked by this.

We already have exceptions for links to Fedora docs, bugzilla, etc. Should we add one for GitHub too? Theoretically a spammer could create evil repos and post those links, but I haven’t seen that happen here in practice.

6 Likes

I think that would be reasonably low risk. Should probably add both github and gitlab though.

6 Likes

There should also be very little risk from CodeBerg, which is a fully FOSS host of several significant open source projects. https://codeberg.org/

2 Likes

I agree to add gitlab github codeberg and maybe savannah.

I think it is important to keep links on that level restrictive and not make it permissive, for the reasons you mentioned. But I don’t think it is important to deeply evaluate each link we allow. If we know the respective site and know that the risk is limited, add it :wink: There ain’t critical issues that can rise from the known git pages in this respect.

Maybe pages like Wikipedia make also sense to be added?

You should be liberal with the allow-list of sites.

My first post in this community required that split my post over 3 posts:

Not a good first experience.

BTW, if can work around the two link limit by splitting over three posts, I’m sure spammers can too. So, I don’t know why the limit exists in the first place.

1 Like

The spam attacks are often “dumb” — scripts or low-paid workers following a script. They are fast but not very adaptive. So things like this really do slow them down.

I think it’s reasonable to have more likely-legitimate sites on an allow list. Everything in fedoraproject.org should be OK.

1 Like

I say “No” for unlimited links(only some few necessary links) because it’s harder to read and only very few of the users in this forum are developer here and so github etc. links increase confusion.

I don’t want to start adding a bunch of sites speculatively. Let’s limit it to where we observe real-world problems.

I think it’s also decent point that many first posts which include a lot of links are … messy. It can be frustrating when you’re doing it for a good reason and they’re useful, but a lot of these tons-of-links first posts would be better with fewer links and more explaining the problem directly anyway.

1 Like